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Steven M. Hoffberg 

From: Steven M. Hoffberg [steve@hoffberg.org] 
Sent: Thursday, November 18, 2004 12:21 PM 
To: 'Nguyen, Nga' 
Subject: 09/599,163 http_clickshare.c 

/* 

* http_clickshare.c: routines for doing Clickshare authentication and 

* session tracking 

* M Callahan <michael@Newshare.com> 

* D Oliver <dave@Newshare.com> 

* Copyright 1995 Newshare Inc. 



7 

#include <unistd.h> 
#include <fcntl.h> 
#include <stdlib.h> 
#include <sys/types.h> 
#include <sys/uio.h> 
#include <sys/socket.h> 
#include <sys/time.h> 
#include <sys/un.h> 
#include <sys/wait.h> 
#include <string.h> 
#ifdef SOLARIS2 
#define index(a,b) strchr(a,b) 
#include <sys/time.h> 

#include <sys/resource.h> /* to get getrlimit() 7 
#endif/* SOLARIS2 7 
#include <gdbm.h> 
#include <stdio.h> 

#include "httpd.h" 

#include "tvs_client.h" /* interface to Clickshare auth facility 7 
#include "tvs_config.h" /* interfaec to clickshare. conf reader 7 

#include "tvs_error.h" /* error codes for tvs_validate_token 7 

#include "../reg/user_db.h" 

/* 

* definitions 



7 

/* how to contact Clickshare Corporation 7 
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#define CLICKSHARE SERVER "www.clickshare.com" /* hostport part only 7 
/* local pages that assist users 7 

#define BAD TOKEN PAGE 7click_user/bad_token.html" 
#define N E W_U SER_HELP_PAGE 7click_user/welcome.html" 
#define LOGOUT THANKYOU PAGE 7click_user/logout_thankyou.html" 
#define LOGOUT ERROR PAGE 7click_user/logout_error.html" 
#define BAD TESTDRIVE PAGE 7click_user/bad_testdrive.html" 

/* a test-drive user "jumps" into content from this page (which is probably 

* a link to a real page). 

7 

#define TESTDRIVE_JUMP_PAGE 7click_user/testdrivejump.html" 
/* well known location at each PM to contact to re-auth 7 
#define TOKEN TIMEOUT PAGE 7auth/auth.html" 

/* CGI script which generates a page when a user attempts access 

* to a CS-protected page without a token 

7 

#define AUTHREQUIREDPAGE 7click_cgi/auth_required" 

#ifdef LINUX 

/* for NR_OPEN 7 

#include <linux/fs.h> 

#endif 

#include "http_clickshare.h" 

/* 

* variables used here or exported 



7 
/* 

* socket used for logging 

7 

static int cs_log_socket = -1 ; 

/* clickshare_dont_shutdown: nonzero means that we have a child 

* process doing token addition, so don't call shutdown(2) on the socket 

7 

int clickshare_dont_shutdown = 0; 

/* clickshare_saved_url, clickshare_saved_query: we shove the url 

* and (optional) query string from the url when we get a chance 



11/28/2006 



Page 3 of 21 



* in clickshare_process_args for logging purposes later 
7 

static char *clickshare_saved_url; 
static char *clickshare_saved_query; 

/* clickshare_redirect_url: if we get a REDIRECT= query string, we 

* stuff it here 

7 

static char *clickshare_redirect_url; 

/* parameters given in clickshare.conf file: 

* AddTokenScript, LoggerFile, RegistrationDB, UseridDB 

7 

static char *clickshare_add_token_script = (char *) NULL; 
static char *clickshare_logger_file = (char *) NULL; 
static char *clickshare_registrationDB = (char *) NULL; 
static char *clickshare_useridDB = (char *) NULL; 

extern char msgString[]; 

static TVS_SERVER tvs_server = (TVS_SERVER) NULL; 
static TVS_PROFILE tvs_profile = (TVS_PROFILE) NULL; 
unsigned int clickshare_pageclass; 

/* tvs_login_token: nonzero means we had magic token "TVS=login" 

* requesting login 

7 

static int tvs_login_token = 0; 

void clickshare_after_auth_redirect (char *, FILE *); 
void clickshare_log_hello(); 

#ifdef SOLARIS2 

/* 

* replacement for getdtablesizeQ 



7 
int 

getdtablesize() 
{ 

struct rlimit rip; 

if (getrlimit(RLIMIT_NOFILE, &rlp) < 0) return 1; 
else 

return (int) rlp.rlimjnax; 

} 

#endif/* SOLARIS2 7 
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/* 

* check for errors on auth 



7 

int clickshare_token_ok() { 
return tvs_profile != NULL; 

} 

/* 

* indicate whether we got the magic token 



7 

int clickshare_login_token() { 
return tvs_login_token; 

} 

/* 

* open up the clickshare service and get site-definable params 



7 

void clickshare_open(char *conf) { 
if (tvs_server) 
return; 

tvs_server = tvs_initialize_service(conf); 
if (!tvs_server) { 

sprintf (msgString, "httpd: unable to initialize Clickshare\n"); 

LogMsg (LOGERR, msgString); 

exit (1); 

} 

/* 

* get parameters, sanity checking as we go along 

7 

clickshare_add_token_script = (char*) tvs_get_config_param ("AddTokenScript"); 

if (!clickshare_add_token_script) { 

LogMsg (LOG_ERR, "no AddTokenScript parameter"); 
exit (1); 

} 

if (access (clickshare_add_token_script, X_OK) != 0) { 

sprintf (msgString, "cannot execute AddTokenScript script %s", 

cl ickshare_add_token_script); 
LogMsg (LOG ERR, msgString); 
exit(1); 
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} 

clickshare_logger_file = tvs_get_config_param ("LoggerFile"); 

if (!clickshare_logger_file) 

LogMsg (LOG_WARNING, "no LoggerFile parameter specified: CS logging turned 

off'); 

clickshare_registrationDB = tvs_get_config_param ("RegistrationDB"); 

if (!clickshare_registrationDB) { 

LogMsg (LOG_ERR, "no RegistrationDB parameter specified"); 
exit(1); 

} 

if (access (clickshare_registrationDB, R_OK) != 0) { 

sprintf (msgString, "cannot read RegistrationDB %s", 

clickshare_registrationDB); 
LogMsg (LOGERR, msgString); 
exit(1); 

} 

/* presently, httpd does not need to access UseridDB itself 7 
clickshare_useridDB = tvs_get_config_param ("UseridDB"); 

if (!clickshare_useridDB) { 

LogMsg (LOG_WARNING, "warning: no UseridDB parameter specified"); 

} 

if (access (clickshare_useridDB, R_OK) != 0) { 

sprintf (msgString, "warning: cannot read UseridDB %s", 

clickshare_useridDB); 
LogMsg (LOG_WARNING, msgString); 

} 

/* register with the logging facility 7 
clickshare_log_hello(); 

} 

/* 

* drop out of clickshare session 



7 



void clickshare_terminate() { 
tvs_drop_service(); 
tvs_server = NULL; 

} 
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* authenticate a new user from the local auth database 



void clickshare_authenticate_user(char *user, char *password, FILE *out) { 
GDBM_FILE userdb; 
REG PROFILE profile; 

static char encrypted_password[100]; /* XXX 7 
int tries; 

char errstr[1 000]; 
char *tok, *p; 

if (!clickshare_registrationDB) 
return; 

for (tries = 0; tries < 60; tries++) { 

/* open_name_db silently picks up the RegistrationDB parameter 7 
userdb = open_name_db(GDBM_READER); 
if (userdb) 

break; 
sleep(1); 



if (luserdb) 

die (SERVER_ERROR, "cannot open registration database", out); 
profile = name_get(userdb, user); 
close_name_db(userdb); 
if (Iprofile) { 

sprintf(errstr, "Cannot find user %s in registration database", 
user); 

auth_bong(errstr, out); 

} 

/* password as stored in the profile is unencrypted. 

in order to be compatible with what caller expects, 

crypt it now. 7 
if (strcmp(profile->clickshare_password, password)) 
auth_bong("lncorrect password", out); 

/* OK, we have a user! 
* Construct a user profile. 

7 

tvs_profile = tvs_make_user_profile(); 
tvs_login_token = 0; 
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/* set the non-default values 7 

tvs_set_pm id (tvs_prof i I e , tvs_pm_id ) ; 
tvs_set_userid(tvs_profile, profile->clickshare_userid); 
tvs_set_hostid(tvs_profile, inet_addr(remote_ip)); 
tvs_set_sessionid(tvs_profile, tvs_make_sessionid(tvs_pm_id, 0)); 

/* use values from user preference database 7 

tvs_set_adv_context(tvs_profile, profile->pref_advertising_level); 
tvs_set_privacy1_flag(tvs_profile, profile->pref_privacy1 ); 
tvs_set_pdac_flag(tvs_profile, profile->pref_parental_discretion); 
tvs_set_premium_flag(tvs_profile, profile->pref_premiunn_charges); 

free(profile); 

tok = tvs_new_token(tvs_profile); 
if (!tok) 

die(SERVER_ERROR, "cannot construct TVS token", out); 

p = (char *) malloc(strlen(tok) + 5); 
if(!p) 

die(NO_M EMORY, "constructing TVS token", out); 

strcpy(p, "TVS-'); 
strcpy(&p[4], tok); 

if (clickshare_redirect_url) { 

/* this was a re-auth... bounce the user back to the page he wants 7 
char buf[2000]; 

strcpy (buf, clickshare_redirect_url + strlen ("REDIRECT-')); 
unescape_url (buf); 

/* does it already have a query component? 7 
if (index(buf, '?')) 

strcat (buf, "+"); 
else 

strcat (buf, "?"); 

/* add TVS=token 7 

strcat (buf, p); 

die (REDIRECT, buf, out); 

} 

clickshare_after_auth_redirect(p, out); 

} 

/* 

* based on the saved URL and query options, send a redirect with the TVS token 

* attached 
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void clickshare_after_auth_redirect(char *tok, FILE *out) { 
char buf[2000]; 

/* get http://ourhost:ourport/url 7 

construct_url (buf, clickshare_saved_url); 

/* escape this -- the things we add later are already escaped 7 

escape_url (buf); 

/* add token 7 

strcat (buf, "?"); 

strcat (buf, tok); 

/* add old query 7 

if (clickshare_saved_query && *clickshare_saved_query) { 
strcat (buf, "+"); 

strcat (buf, clickshare_saved_query); 

} 

die(REDIRECT, buf, out); 

} 



get the TVS auth token out of a URL 



char *clickshare_extract_token (char *args, char *param) { 
char *p, *q, *tvs_buf; 
int len; 

if (!args) 
return NULL; 

/* find param as a parameter in the query string args 7 
len = strlen(param); 
P = args; 
while (*p) { 

if (!strncmp(p, param, len)) 
break; 
p = strchr(p, '+'); 
if(!p) 

return NULL; 
P++; 

} 

if(!*P) 
return NULL; 

/* got TVS: copy it out of string 7 
/* is it terminated by a "+"? 7 
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q = index(p, '+'); 
if(q){ 

/* yes: copy up to "+" character into tvs_buf 7 
len = q - p; 

tvs_buf = (char *) malloc(len + 1); 
strncpy(tvs_buf, p, len); 
tvs_buf[len] = '\0'; 

/* now close up arg string by copying everything 
past the "+" character over the "TVS=" stuff 7 
strcpy(p, q + 1 ); 
} else { 

/* no: TVS argument ends with a null, so dup it 7 
tvs_buf = strdup(p); 

/* close up arg string by zapping a null over the "T" of "TVS" 7 
*p = '\0'; 

/* if the string isn't now empty, make sure we remove a trailing 

"+", if any 7 
if (p != args && p[-1] == '+') 

p[-1] = '\0'; 

} 

return tvs_buf; 

} 

/* 

* wait when we exit (so that kids dont get death signals) 



7 

void clickshare_wait_at_exit () { 
int status; 

/* wait for child before exiting 7 

wait(&status); 

sleep (50); 

} 

/* 

* wrapper to handle errors in authentication gracefully 



7 



static TVS_PROFILE 

clickshare_attempt_validation(char *token, FILE *out) 
{ 

TVS_PROFILE prof; 

char _where[MAX_STRING_LEN], *p; 
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/* Here we determine if the customer at the other end of the pipe is 

* currently valid. If user is not valid, we ship him back to a 

* variety of locations, depending on how much we know about him. 
7 

/* NOTE: remote_ip coming to us from http_request.c (global) 7 
prof = tvs_validate_token(token, inet_addr(remote_ip)); 
if(!prof){ 

switch((int) tvs_get_token_error_type()) { 
/* handle these cases locally 7 

case TVS_NO_TOKEN : /* no token attached 7 

case TVS_TOKEN_IS_INVALID : /* token invalid 7 

/** sprintf(_where, "http://%s/%s", CLICKSHARESERVER, NEW_USER_HELP_PAGE);*7 

construct_url(_where, NEW_USER_HELP_PAGE); 

die(REDIRECT, _where, out); 



/* redirect to home publisher for re-authorization 7 
case TVS TO KE N T I M E DO U T : /* token timeout 7 

sprintf(_where, "http://%s%s?REDIRECT=", 

tvs_get_user_home(), TOKEN TIMEOUT PAGE); 
/* now add old URL, _escaped_ 7 
p = &_where[strlen(_where)]; 
construct_url(p, clickshare_saved_url); 
p = &_where[strlen(_where)]; 

if (clickshare_saved_query && *clickshare_saved_query) { 
*p++ = '?'; 

strcpy(p, clickshare_saved_query); 

} 

escape_url (p); 
die(REDIRECT, _where, out); 

case TVS_TOKEN_IS_OK : /* valid user? this is messy ! 7 
LogMsg(LOG_ERR, "error from tvs_request_validation not setting TVS_ERROR"); 
/* and fall thru ...7 

/* give these errors to the clickshare boys 7 

case TVSTOKENISGARBAGE : /* really messy token 7 

case TVS_USER_AT_INVALID_HOST : /* invalid host/user 7 

default : 

sprintf(_where, "http://%s/%s", CLICKSHARE SERVER, BADTO KE N PAG E ); 
die(REDIRECT, _where, out); 

} 



return prof; 

} 
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/* 

* make some sense of a user's request, auth if required, bounce if bad 

7 



void clickshare_process_args (char *url, char *args, FILE *outf) { 
char *tok; 

/* assume we don't have a token 7 
clickshare_dont_shutdown = 0; 
tvs_profile = NULL; 
tvs_login_token = 0; 
clickshare_pageclass = -1; 
clickshare_redirect_url = NULL; 

tok = clickshare_extract_token (args, "TVS-'); 

clickshare_saved_url = url ? strdup(url) : ""; 
clickshare_saved_query = args ? strdup(args) : ""; 

if (strcmp(url, TOKEN TIMEOUT PAGE) == 0) { 
/* we have a redirect here 7 

clickshare_redirect_url = clickshare_extract_token (args, "REDIRECT-'); 

if (clickshare_redirect_url) { 
/* we definitely want to prompt for username/password, 

not put up the explanatory page 7 
tvs_login_token = 1; 
if (tok) 
free (tok); 
tok = NULL; 
return; 

} 

/* oops! shouldn't get here: that would mean we're 
going to the token revalidation page without a redirect 
target-Dave will have to pay for somebody's beer! 

7 

} 

if (!tok) { 

return; /* nothing to do 7 

} 

/* check for special "TVS=login" token to indicate a desire 
* to log in 

7 

if (strcmp(tok, "TVS=login") == 0) { 
tvs_login_token = 1; 
return; 

} 
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/* attempt to validate this token with TVS. NOTE: I might 

* well "die()" in the routine as I attempt to handle and 

* token error with a HTTP redirect 

7 

/* Note: since tok includes the "TVS=" characters, the 

* token itself starts at tok[4]. 

7 

tvs_profile = clickshare_attempt_validation(&tok[4], outf); 
if (!tvs_profile) { 

/* This token is no good. Forget about it. 7 
return; 

} 

/* Token is OK. Arrange to add it to outgoing URLs. 7 
clickshare_insert_token_filter (tok, outf); 

} 

/* 

* user has requested CS-protected page without giving a token: 

* redirect them to a CGI script that gives their options 



void clickshare_auth_required_page (FILE *outf) 
{ 

char buf[2000], *p; 

/* start: http://myhost/click_cgi/auth_required 7 
construct_url (buf, AUTH REQUIRED PAGE); 

/* add ?URL= 7 
strcat (buf, "?URL="); 

/* add URL, and escape it 7 
p = buf + strlen(buf); 
construct_url (p, clickshare_saved_url); 
if (clickshare_saved_query && *clickshare_saved_query) { 
strcat (p, "?"); 

strcat (p, clickshare_saved_query); 

} 

escape_url (p); 
die(REDIRECT, buf, outf); 
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* how we "tag" outgoing pages with TVS auth tokens if required 



void clickshare_insert_token_filter (char *tok, FILE *outf) 
{ 

int pid, fd[2], out; 

/* at this point, we've got the TVS=<token> string in tvs_token, 
it's been removed from the args string 7 

out = fileno (outf); 

/* get a pipe: fd[0] is for reading, fd[1] for writing 7 
if (pipe (fd) < 0) 
return; 

/* fork 7 

pid = fork (); 
if (pid < 0) { 

/* well, not much we can do 7 

close (fd[0]); 

close (fd[1]); 

clickshare_dont_shutdown = 0; 

free (tok); 

return; 



if (pid == 0){ 
/* parent: make 'out' refer to fd[1], close fd[0] 7 
if (fd[1] !=out){ 
dup2 (fd[1],out); 
close (fd[1]); 

} 

close (fd[0]); 

clickshare_dont_shutdown = 1; 

free (tok); 
return; 

} 

/* child: connect fd[0] to stdin, 'out' fd to stdout, close others 7 
/* move 'out' out of the way if necessary 7 
if (out == 0) 

out = dup (out); 
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if (fd[0] !=0){ 

dup2 (fd[0], 0); 
close (fd[0]); 

} 

if (out!= 1){ 

dup2 (out, 1); 
close (out); 

} 

if(fd[1]>1) 

close (fd[1]); 

{ 

int i; 

for (i = 2; i < getdtablesizeQ; i++) 
close (i); 

} 

fcntl (0, FSETFD, 0L); 
fcntl (1 , F SETFD, 0L); 

/* exec the add-token script 7 

if (execl (clickshare_add_token_script, 

clickshare_add_token_script, tok, NULL) < 0) { 

/* whoops, we're in trouble 7 

exit(-1); 

} 



/* 

* handle logging to the Clickshare Transaction Logging Facility 



7 

int clickshare_open_log () { 
struct sockaddr_un sa; 
int salen; 

char *clickshare_log_path; 

clickshare_log_path = tvs_get_config_param ("LoggerFile"); 
if (!clickshare_log_path) 
return 0; 

cs_log_socket = socket(AF_UNIX, SOCKSTREAM, 0); 

if (cs_log_socket < 0) 
return 0; 

bzero((char *) &sa, sizeof(sa)); 

sa.sun_family = AF_UNIX; 
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strcpy(sa .sun_path , cl ickshare_log_path); 

salen = strlen(sa.sun_path) + sizeof(sa.sun_family); 

if (connect(cs_log_socket, (struct sockaddr *)&sa, salen) < 0) { 
close (cs_log_socket); 
cs_log_socket = -1 ; 
return 0; 

} 

return 1 ; 

} 



* send the "HELLO" to the log facility 



7 



void clickshare_log_hello() { 
char buf[HUGE_STRING_LEN]; 
struct iovec iobuf[2]; 
int len, Ien2; 

if(!clickshare_open_log()) { 
fprintf (stderr, "clickshare_open_log failed\n"); 
return; 

} 

if(cs_log_socket < 0) 
return; 

sprintf (buf, "HELLO 0x%08x \"%s\"", tvs_pm_id, tvs_pm_name); 

len = strlen(buf); 
Ien2 = htonl(len); 

iobuf[0].iov_base = (char *) &len2; 
iobuf[0].iov_len = sizeof(int); 
iobuf[1].iov_base = buf; 
iobuf[1].iov_len = len; 

writev(cs_log_socket, &iobuf[0], 2); 
clickshare_close_log(); 

} 

/* 

* log a request out to the central logging facility 



7 
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void clickshare_log(char "request, char *logmsg) { 
char buf[HUGE_STRING_LEN], *p, *q, *r; 
struct iovec iobuf[2]; 
int len, Ien2; 

if (!tvs_profile) 
return; 

if(!clickshare_open_log()) { 
fprintf (stderr, "clickshare_open_log failed\n"); 
return; 

} 

if(cs_log_socket < 0) 
return; 

sprintf (buf, 

"%s user_id=0x%08x pm_id=0x%08x page_class=0x%08x session_id=0x%08x 
contentpm_id=0x%08x", 
logmsg, 

tvs_get_userid(tvs_profile), 
tvs_g et_p m id (tvs_p rof i I e) , 
clickshare_pageclass, 
tvs_get_sessionid(tvs_profile), 
tvs_pm_id); 

/* strip TVS=token string 7 
if (p = strchr(buf, V')) { 
/* found URL 7 
if (p = strchr(p, '?')) { 
/* found args 7 
P++; 

if (!strncmp(p, "TVS=", 4)) { 

/* TVS= is first query argument -- close up 7 

q = p + strcspn (p, "\"+"); 

strcpy(p, q); 
} else if (q = strstr(p, "+TVS=")) { 

/* found TVS=, q points at preceeding '+' delimiter; 
close up 7 

r = q + 1 + strcspn (q + 1 , "\"+"); 

strcpy(q, r); 

} 

/* Have we produced something of the form ?+" or ?" ? 7 

if (*p == ,+ ') 

strcpy(p, p+1); 

if (*p == v) 

strcpy(p-1 , p); 

} 

} 

len = strlen(buf); 
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Ien2 = htonl(len); 

iobuf[0].iov_base = (char *) &len2; 
iobuf[0].iov_len = sizeof(int); 
iobuf[1].iov_base = buf; 
iobuf[1].iov_len = len; 

writev(cs_log_socket, &iobuf[0], 2); 
clickshare_close_log(); 

} 

/* 

* close up shop (the log anyway) 



7 

void clickshare_close_log(void) { 
if (cs_log_socket < 0) 
return; 

close(cs_log_socket); 
cs_log_socket = -1 ; 

} 

/* 

* add Clickshare-specific variables to the environment given to CGI scripts 



7 

#define MAX_CS_VARS 32 + 16 

char **clickshare_add_vars(char **env, FILE *out) 
{ 

int x; 

char t[HUGE_STRING_LEN]; 

if(!(tvs_profile || clickshare_registrationDB || clickshare_useridDB)) 
return env; 

if(!(env = new_env(env,MAX_CS_VARS,&x))) 
die(NO_MEMORY,"add_cgi_vars",out); 

if (tvs_profile) { 
sprintf(t, "%d", tvs_pm_id); 

env[x++] = make_env_str("CS_MYOWN_PMID", t, out); 

sprintf(t, "%d", tvs_get_userid(tvs_profile)); 
env[x++] = make_env_str("CS_USERID", t, out); 

sprintf(t, "%d", tvs_get_pmid(tvs_profile)); 
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env[x++] = make_env_str("CS_PMID", t, out); 

sprintf(t, "%08lx", tvs_get_hostid(tvs_profile)); 
env[x++] = make_env_str("CS_HOSTID", t, out); 

sprintf(t, "%d", tvs_get_sessionid(tvs_profile)); 
env[x++] = make_env_str("CS_SESSIONID", t, out); 

sprintf(t, "%d", tvs_get_service_class(tvs_profile)); 
env[x++] = make_env_str("CS_SERVICE_CLASS", t, out); 

sprintf(t, "%d", tvs_get_page_class_limit(tvs_profile)); 
env[x++] = make_env_str("CS_PAGE_CLASS_LIMIT", t, out); 

sprintf(t, "%d", tvs_get_page_count_limit(tvs_profile)); 
env[x++] = make_env_str("CS_PAGE_COUNT_LIMIT", t, out); 

sprintf(t, "%d", tvs_get_service_priority(tvs_profile)); 
env[x++] = make_env_str("CS_SERVICE_PRIORITY", t, out); 

sprintf(t, "%d", tvs_get_customer_group(tvs_profile)); 
env[x++] = make_env_str("CS_CUSTOMER_GROUP", t, out); 

sprintf(t, "%d", tvs_get_adv_context(tvs_profile)); 
env[x++] = make_env_str("CS_ADV_CONTEXT", t, out); 

sprintf(t, "%d", tvs_get_pdac_flag(tvs_profile)); 
env[x++] = make_env_str("CS_PDAC_FLAG", t, out); 

sprintf(t, "%d", tvs_get_privacy1_flag(tvs_profile)); 
env[x++] = make_env_str("CS_PRIVACY1_FLAG", t, out); 

sprintf(t, "%d", tvs_get_premiunn_flag(tvs_profile)); 
env[x++] = make_env_str("CS_PREMIUM_FLAG", t, out); 

} 

if (clickshare_registrationDB) 

env[x++] = make_env_str("CS_REGISTRATION_DB", 
clickshare_registrationDB, out); 

if (clickshare_useridDB) 
env[x++] = make_env_str("CS_USERID_DB", 

clickshare_useridDB, out); 

env[x] = NULL; 
return env; 

} 

/* 

* contact the TVS server to invalidate an authentication token. 
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int 

clickshare_invalidate_token(char *url, char *args, int in, FILE *outf) 
{ 

char *tok; 

tok = clickshare_extract_token (args, "TVS-'); 
if (!tok) return 0; 

#define NOREASON 0 
if (!tvs_invalidate_token((TVS_TOKEN) tok, NO REASON)) 
return 0; 
else 
return 1 ; 

} 

/* 

* process a user "logout" - which invalidates his/her authentication token 



7 

void 

clickshare_logout_user(char *url, char*args, int in, FILE *outf) 
{ 

/* make sure this is a valid user requesting the logout. 
* (clickshare_process_args() will have checked this immediately prior) 

7 

if (!tvs_profile) { 

send_node(LOGOUT_ERROR_PAGE, (char*) NULL, in, outf); 

} 

/* do it 7 

if (!clickshare_invalidate_token (url, args, in, outf)) { 
die(SERVER_ERROR, "logout method failed - drop validation error", ou 

} 

/* send an ack 7 

send_node(LOGOUT_THANKYOU_PAGE, (char *) NULL, in, outf); 

} 

/* 

* process a "testdrive" user - a random user ID with minimal privileges 



7 

void 

clickshare_testdrive_user(char *url, char *args, int in, FILE *outf) 
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struct timeval tv; 
unsigned int tmp; 
char *tok, p[256]; 

/* PS: gonna ignore URL and ARGS for now, but later we may want 

* to feed options in thru here. 
7 

/* 

* first, create a profile for this (random) user 
7 

tvs_profile = tvs_make_testdrive_profile(); 
if (!tvs_profile) 

die(NO_MEMORY, "making testdrive profile", outf); 

/* fill in stuff that is non-default 7 

tvs_set_pmid(tvs_profile, tvs_pm_id); 
tvs_set_hostid(tvs_profile, inet_addr(remote_ip)); 
tvs_set_sessionid(tvs_profile, tvs_make_sessionid(tvs_pm_id, 0)); 

/* create a random user ID for the testdrive class (this will give us 

* at least .5M unique user IDs per day, and 4096 per second) 

7 

#define RANDOMUSERMASK 0x10000000 
#define TESTDRIVE_USER_CLASS 0x00 

#define BIT_MSK2 OxOfff 
#define UNBIT_MSK2 12 

tmp = (tv.tv_sec « UNBIT_MSK2) | ((tv.tv_usec » 4) & BIT_MSK2); 

tmp |= RANDOM USER MASK; 

tvs_set_userid(tvs_profile, tmp); 

/* 

* acquire a new authentication token for this user 

7 

tok = tvs_new_token(tvs_profile); 
if (!tok) 

die(SERVER_ERROR, "cannot obtain TVS token for test-drive user", outf); 

/* 

* create the URL of the page to "jump" to 

7 

construct_url(p, TESTDRIVE_JUMP_PAGE); 
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escape_url (p); 
strcat(p, "?TVS="); 
strcatjp, tok); 

/* via redirect, user starts his clickshare session as a random user id 
* at the jump page 
7 

die (REDIRECT, p, outf); 

} 



Very truly yours, 

Steven M. Hoffberg 

Milde & Hoffberg, LLP 

Suite 460 

10 Bank Street 

White Plains, NY 10606 

(914) 949-3100 tel. 

(914) 949-3416 fax 



Confidentiality Notice: This message, and any attachments thereto, may contain confidential information which is 
legally privileged. The information is intended only for the use of the intended recipient, generally the individual or 
entity named above. If you believe you are not the intended recipient, or in the event that this document is 
received in error, or misdirected, you are requested to immediately inform the sender by reply e-mail at 
Steve@Hoffberg.org and destroy all copies of the e-mail file and attachments. You are hereby notified that any 
disclosure, copying, distribution or use of any information contained in this transmission other than by the 
intended recipient is strictly prohibited. 
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